Role Description SMBC is seeking a 1st Line of Defense - GRC Specialist at the Associate level who has a strong passion for Information Security risk management and is interested in building a career at a fast growing and reputable Bank.
As an Associate within GRC, you will play a vital role in protecting SMBC's information assets by conducting comprehensive risk assessments, collaborating with stakeholders, and driving process improvements.
Reporting to the Head of Security Risk Assessments, you will help shape the bank's security risk management practices and ensure compliance with internal and external standards.
Note: Expectation is to be onsite at least twice a week for this role.
Role Objectives: Expertise Conduct information security risk assessments for new and existing applications, clients, and regulatory requests.
Collaborate with IT, business, and compliance teams to identify, assess, and mitigate security risks.
Continuously improve risk management processes and leverage technology to enhance efficiency.
Communicate risks and controls effectively to technical and non-technical stakeholders.
Assist stakeholders with understanding assessment control questions, identifying compensating controls.
Maintain and update security policies and procedures; educate stakeholders on changes.
Support remediation and acceptance of identified risks in consultation with senior team members.
Understand information security controls and associated risks and articulate the risks and controls to both technical and business stakeholders Thoroughly understand the various security risk management policies and procedures to perform risk assessments and to educate new/existing stakeholders when policies and procedures change.
Simplify and explain risks associated with control gaps by articulating technical controls, risks, impacts and likelihood in business and layman's terms.
Support risk management tooling such as assessment tools and the risk register.
Qualifications and Skills Strong understanding of information security principles, risk assessment methodologies, and regulatory requirements.
Basic knowledge of commonly used banking applications, operating systems, and databases.
Basic knowledge of cloud-based applications and tools.
Basic knowledge of cyber security and information security best practices and industry frameworks, e.g., NYS DFS Cybersecurity, GLBA, CCPA/CPRA, ISO*****, NIST CSF/******, ISO *****, Center for Internet Security.
Have strong verbal and written communication skills.
Ability to demonstrate a self-motivated and disciplined approach to learning and working.
Ability to work in a team environment and demonstrate leadership skills when needed.
Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects, and goals.